Visible to the public Biblio

Found 989 results

Filters: Keyword is data privacy  [Clear All Filters]
2022-11-18
Banasode, Praveen, Padmannavar, Sunita.  2021.  Evaluation of Performance for Big Data Security Using Advanced Cryptography Policy. 2021 International Conference on Forensics, Analytics, Big Data, Security (FABS). 1:1—5.
The revolution caused by the advanced analysis features of Internet of Things and big data have made a big turnaround in the digital world. Data analysis is not only limited to collect useful data but also useful in analyzing information quickly. Therefore, most of the variants of the shared system based on the parallel structural model are explored simultaneously as the appropriate big data storage library stimulates researchers’ interest in the distributed system. Due to the emerging digital technologies, different groups such as healthcare facilities, financial institutions, e-commerce, food service and supply chain management generate a surprising amount of information. Although the process of statistical analysis is essential, it can cause significant security and privacy issues. Therefore, the analysis of data privacy protection is very important. Using the platform, technology should focus on providing Advanced Cryptography Policy (ACP). This research explores different security risks, evolutionary mechanisms and risks of privacy protection. It further recommends the post-statistical modern privacy protection act to manage data privacy protection in binary format, because it is kept confidential by the user. The user authentication program has already filed access restrictions. To maintain this purpose, everyone’s attitude is to achieve a changing identity. This article is designed to protect the privacy of users and propose a new system of restoration of controls.
Wang, XinRui, Luo, Wei, Bai, XiaoLi, Wang, Yi.  2021.  Research on Big Data Security and Privacy Risk Governance. 2021 International Conference on Big Data, Artificial Intelligence and Risk Management (ICBAR). :15—18.
In the era of Big Data, opportunities and challenges are mixed. The data transfer is increasingly frequent and speedy, and the data lifecycle is also extended, bringing more challenges to security and privacy risk governance. Currently, the common measures of risk governance covering the entire data life cycle are the data-related staff management, equipment security management, data encryption codes, data content identification and de-identification processing, etc. With the trend of data globalization, regulations fragmentation and governance technologization, “International standards”, a measure of governance combining technology and regulation, has the potential to become the best practice. However, “voluntary compliance” of international standards derogates the effectiveness of risk governance through this measure. In order to strengthen the enforcement of the international standards, the paper proposes a governance approach which is “the framework regulated by international standards, and regulations and technologies specifically implemented by national legislation.” It aims to implement the security and privacy risk governance of Big Data effectively.
2022-10-06
Zhang, Jiachao, Yu, Peiran, Qi, Le, Liu, Song, Zhang, Haiyu, Zhang, Jianzhong.  2021.  FLDDoS: DDoS Attack Detection Model based on Federated Learning. 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :635–642.
Recently, DDoS attack has developed rapidly and become one of the most important threats to the Internet. Traditional machine learning and deep learning methods can-not train a satisfactory model based on the data of a single client. Moreover, in the real scenes, there are a large number of devices used for traffic collection, these devices often do not want to share data between each other depending on the research and analysis value of the attack traffic, which limits the accuracy of the model. Therefore, to solve these problems, we design a DDoS attack detection model based on federated learning named FLDDoS, so that the local model can learn the data of each client without sharing the data. In addition, considering that the distribution of attack detection datasets is extremely imbalanced and the proportion of attack samples is very small, we propose a hierarchical aggregation algorithm based on K-Means and a data resampling method based on SMOTEENN. The result shows that our model improves the accuracy by 4% compared with the traditional method, and reduces the number of communication rounds by 40%.
Zhang, Zhiyi, Won, Su Yong, Zhang, Lixia.  2021.  Investigating the Design Space for Name Confidentiality in Named Data Networking. MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). :570–576.
As a fundamental departure from the IP design which encodes source and destination addresses in each packet, Named Data Networking (NDN) directly uses application-defined data names for network layer communications. While bringing important data-centric benefits, the semantic richness of NDN names has also raised confidentiality and privacy concerns. In this paper, we first define the problem of name confidentiality, and then investigate the solution space through a comprehensive examination of all the proposed solutions up to date. Our work shows that the proposed solutions are simply different means to hide the actual data names via a layer of translation; they differ in where and how the translation takes place, which lead to different trade-offs in feasibility, efficiency, security, scalability, and different degrees of adherence to NDN's data-centric communications. Our investigation suggests the feasibility of a systematic design that can enable NDN to provide stronger name confidentiality and user privacy as compared to today's TCP/IP Internet.
2022-10-03
Tomasin, Stefano, Hidalgo, Javier German Luzon.  2021.  Virtual Private Mobile Network with Multiple Gateways for B5G Location Privacy. 2021 IEEE 94th Vehicular Technology Conference (VTC2021-Fall). :1–6.
In a beyond-5G (B5G) scenario, we consider a virtual private mobile network (VPMN), i.e., a set of user equipments (UEs) directly communicating in a device-to-device (D2D) fashion, and connected to the cellular network by multiple gateways. The purpose of the VPMN is to hide the position of the VPMN UEs to the mobile network operator (MNO). We investigate the design and performance of packet routing inside the VPMN. First, we note that the routing that maximizes the rate between the VPMN and the cellular network leads to an unbalanced use of the gateways by each UE. In turn, this reveals information on the location of the VPMN UEs. Therefore, we derive a routing algorithm that maximizes the VPMN rate, while imposing for each UE the same data rate at each gateway, thus hiding the location of the UE. We compare the performance of the resulting solution, assessing the location privacy achieved by the VPMN, and considering both the case of single hop and multihop in the transmissions from the UEs to the gateways.
Xu, Ruikun.  2021.  Location Based Privacy Protection Data Interference Method. 2021 International Conference on Electronic Information Technology and Smart Agriculture (ICEITSA). :89–93.
In recent years, with the rise of the Internet of things industry, a variety of user location-based applications came into being. While users enjoy these convenient services, their location information privacy is also facing a great threat. Therefore, the research on location privacy protection in the Internet of things has become a hot spot for scholars. Privacy protection microdata publishing is a hot spot in data privacy protection research. Data interference is an effective solution for privacy protection microdata publishing. Aiming at privacy protection clustering problem, a privacy protection data interference method is proposed. In this paper, the location privacy protection algorithm is studied, with the purpose of providing location services and protecting the data interference of users' location privacy. In this paper, the source location privacy protection protocol (PR \_ CECRP) algorithm with controllable energy consumption is proposed to control the energy consumption of phantom routing strategy. In the routing process from the source node to the phantom node, the source data packet forwarding mechanism based on sector area division is adopted, so that the random routing path is generated and the routing energy consumption and transmission delay are effectively controlled.
Yang, Chen, Jia, Zhen, Li, Shundong.  2021.  Privacy-Preserving Proximity Detection Framework for Location-Based Services. 2021 International Conference on Networking and Network Applications (NaNA). :99–106.
With the popularization of mobile communication and sensing equipment, as well as the rapid development of location-aware technology and wireless communication technology, LBSs(Location-based services) bring convenience to people’s lives and enable people to arrange activities more efficiently and reasonably. It can provide more flexible LBS proximity detection query, which has attracted widespread attention in recent years. However, the development of proximity detection query still faces many severe challenges including query information privacy. For example, when users want to ensure their location privacy and data security, they can get more secure location-based services. In this article, we propose an efficient and privacy-protecting proximity detection framework based on location services: PD(Proximity Detection). Through PD, users can query the range of arbitrary polygons and obtain accurate LBS results. Specifically, based on homomorphic encryption technology, an efficient PRQ(polygon range query) algorithm is constructed. With the help of PRQ, PD, you can obtain accurate polygon range query results through the encryption request and the services provided by the LAS(LBS Agent Server) and the CS(Cloud Server). In addition, the query privacy of the queryer and the information of the data provider are protected. The correctness proof and performance analysis show that the scheme is safe and feasible. Therefore, our scheme is suitable for many practical applications.
Saleh, Yasmine N. M., Chibelushi, Claude C., Abdel-Hamid, Ayman A., Soliman, Abdel-Hamid.  2021.  Privacy-Aware Ant Routing for Wireless Multimedia Sensor Networks in Healthcare. 2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR). :1–6.
The problem of maintaining the privacy of sensitive healthcare data is crucial yet the significance of research efforts achieved still need robust development in privacy protection techniques for Wireless Multimedia Sensor Networks (WMSNs). This paper aims to investigate different privacy-preserving methods for WMSNs that can be applied in healthcare, to guarantee a privacy-aware transmission of multimedia data between sensors and base stations. The combination of ant colony optimization-based routing and hierarchical structure of the network have been proposed in the AntSensNet WMSN-based routing protocol to offer QoS and power efficient multipath multimedia packet scheduling. In this paper, the AntSensNet routing protocol was extended by utilizing privacy-preserving mechanisms thus achieving anonymity / pseudonymity, unlinkability, and location privacy. The vulnerability of standard AntSensNet routing protocol to privacy threats have raised the need for the following privacy attacks’ countermeasures: (i) injection of fake traffic, which achieved anonymity, privacy of source and base locations, as well as unlinkability; (ii) encrypting and correlating the size of scalar and multimedia data which is transmitted through a WMSN, along with encrypting and correlating the size of ants, to achieve unlinkability and location privacy; (iii) pseudonyms to achieve unlinkability. The impact of these countermeasures is assessed using quantitative performance analysis conducted through simulation to gauge the overhead of the added privacy countermeasures. It can be concluded that the introduced modifications did enhance the privacy but with a penalty of increased delay and multimedia jitter. The health condition of a patient determines the vitals to be monitored which affects the volumes and sources of fake traffic. Consequently, desired privacy level will dictate incurred overhead due to multimedia transmissions and privacy measures.
2022-09-30
Chu, Mingde, Song, Yufei.  2021.  Analysis of network security and privacy security based on AI in IOT environment. 2021 IEEE 4th International Conference on Information Systems and Computer Aided Education (ICISCAE). :390–393.
With the development of information technology, the Internet of things (IOT) has gradually become the third wave of global information industry revolution after computer and Internet. Artificial intelligence (AI) and IOT technology is an important prerequisite for the rapid development of the current information society. However, while AI and IOT technologies bring convenient and intelligent services to people, they also have many defects and imperfect development. Therefore, it is necessary to pay more attention to the development of AI and IOT technologies, actively improve the application system, and create a network security management system for AI and IOT applications that can timely detect intrusion, assess risk and prevent viruses. In this paper, the network security risks caused by AI and IOT applications are analyzed. Therefore, in order to ensure the security of IOT environment, network security and privacy security have become the primary problems to be solved, and management should be strengthened from technical to legal aspects.
Asare, Bismark Tei, Quist-Aphetsi, Kester, Nana, Laurent, Simpson, Grace.  2021.  A nodal Authentication IoT Data Model for Heterogeneous Connected Sensor Nodes Within a Blockchain Network. 2021 International Conference on Cyber Security and Internet of Things (ICSIoT). :65–71.
Modern IoT infrastructure consists of different sub-systems, devices, applications, platforms, varied connectivity protocols with distinct operating environments scattered across different subsystems within the whole network. Each of these subsystems of the global system has its peculiar computational and security challenges. A security loophole in one subsystem has a directly negative impact on the security of the whole system. The nature and intensity of recent cyber-attacks within IoT networks have increased in recent times. Blockchain technology promises several security benefits including a decentralized authentication mechanism that addresses almost readily the challenges with a centralized authentication mechanism that has the challenges of introducing a single point of failure that affects data and system availability anytime such systems are compromised. The different design specifications and the unique functional requirements for most IoT devices require a strong yet universal authentication mechanism for multimedia data that assures an additional security layer to IoT data. In this paper, the authors propose a decentralized authentication to validate data integrity at the IoT node level. The proposed mechanism guarantees integrity, privacy, and availability of IoT node data.
Kirupanithi, D.Nancy, Antonidoss, A..  2021.  Self-Sovereign Identity creation on Blockchain using Identity based Encryption. 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS). :299–304.
The blockchain technology evolution in recent times has a hopefulness regarding the impression of self-sovereign identity that has a significant effect on the method of interacting with each other with security over the network. The existing system is not complete and procedural. There arises a different idea of self-sovereign identity methodology. To develop to the possibility, it is necessary to guarantee a better understanding in a proper way. This paper has an in-depth analysis of the attributes of the self-sovereign identity and it affects over the laws of identity that are being explored. The Identity management system(IMS) with no centralized authority is proposed in maintaining the secrecy of records, where as traditional systems are replaced by blockchains and identities are generated cryptographically. This study enables sharing of user data on permissioned blockchain which uses identity-based encryption to maintain access control and data security.
Bandara, Eranga, Liang, Xueping, Foytik, Peter, Shetty, Sachin, Zoysa, Kasun De.  2021.  A Blockchain and Self-Sovereign Identity Empowered Digital Identity Platform. 2021 International Conference on Computer Communications and Networks (ICCCN). :1–7.
Most of the existing identity systems are built on top of centralized storage systems. Storing identity data on these types of centralized storage platforms(e.g cloud storage, central servers) becomes a major privacy concern since various types of attacks and data breaches can happen. With this research, we are proposing blockchain and self-sovereign identity based digital identity (KYC - Know Your Customer) platform “Casper” to address the issues on centralized identity systems. “Casper ” is an Android/iOS based mobile identity wallet application that combines the integration of blockchain and a self-sovereign identity-based approach. Unlike centralized identity systems, the actual identities of the customer/users are stored in the customers’ mobile wallet application. The proof of these identities is stored in the blockchain-based decentralized storage as a self-sovereign identity proof. Casper platforms’ Self-Sovereign Identity(SSI)-based system provides a Zero Knowledge Proof(ZKP) mechanism to verify the identity information. Casper platform can be adopted in various domains such as healthcare, banking, government organization etc. As a use case, we have discussed building a digital identity wallet for banking customers with the Casper platform. Casper provides a secure, decentralized and ZKP verifiable identity by using blockchain and SSI based approach. It addresses the common issues in centralized/cloud-based identity systems platforms such as the lack of data immutability, lack of traceability, centralized control etc.
Naik, Nitin, Jenkins, Paul.  2021.  Sovrin Network for Decentralized Digital Identity: Analysing a Self-Sovereign Identity System Based on Distributed Ledger Technology. 2021 IEEE International Symposium on Systems Engineering (ISSE). :1–7.
Digital identity is the key to the evolving digital society and economy. Since the inception of digital identity, numerous Identity Management (IDM) systems have been developed to manage digital identity depending on the requirements of the individual and that of organisations. This evolution of IDM systems has provided an incremental process leading to the granting of control of identity ownership and personal data to its user, thus producing an IDM which is more user-centric with enhanced security and privacy. A recently promising IDM known as Self-Sovereign Identity (SSI) has the potential to provide this sovereignty to the identity owner. The Sovrin Network is an emerging SSI service utility enabling self-sovereign identity for all, therefore, its assessment has to be carefully considered with reference to its architecture, working, functionality, strengths and limitations. This paper presents an analysis of the Sovrin Network based on aforementioned features. Firstly, it presents the architecture and components of the Sovrin Network. Secondly, it illustrates the working of the Sovrin Network and performs a detailed analysis of its various functionalities and metrics. Finally, based on the detailed analysis, it presents the strengths and limitations of the Sovrin Network.
2022-09-20
Dong, Xingbo, Jin, Zhe, Zhao, Leshan, Guo, Zhenhua.  2021.  BioCanCrypto: An LDPC Coded Bio-Cryptosystem on Fingerprint Cancellable Template. 2021 IEEE International Joint Conference on Biometrics (IJCB). :1—8.
Biometrics as a means of personal authentication has demonstrated strong viability in the past decade. However, directly deriving a unique cryptographic key from biometric data is a non-trivial task due to the fact that biometric data is usually noisy and presents large intra-class variations. Moreover, biometric data is permanently associated with the user, which leads to security and privacy issues. Cancellable biometrics and bio-cryptosystem are two main branches to address those issues, yet both approaches fall short in terms of accuracy performance, security, and privacy. In this paper, we propose a Bio-Crypto system on fingerprint Cancellable template (Bio-CanCrypto), which bridges cancellable biometrics and bio-cryptosystem to achieve a middle-ground for alleviating the limitations of both. Specifically, a cancellable transformation is applied on a fixed-length fingerprint feature vector to generate cancellable templates. Next, an LDPC coding mechanism is introduced into a reusable fuzzy extractor scheme and used to extract the stable cryptographic key from the generated cancellable templates. The proposed system can achieve both cancellability and reusability in one scheme. Experiments are conducted on a public fingerprint dataset, i.e., FVC2002. The results demonstrate that the proposed LDPC coded reusable fuzzy extractor is effective and promising.
Wang, Zisen, Liang, Ying, Xie, Xiaojie, Liu, Zhengjun.  2021.  Privacy Protection Method for Experts' Evaluation Ability Calculation of Peer Review. 2021 International Conference on Communications, Information System and Computer Engineering (CISCE). :611—615.
Most of the existing calculation method of expert evaluation ability directly call data onto calculation, which leads to the risk of privacy leakage of expert review information and affects the peer review environment. With regard to this problem, a privacy protection method of experts' evaluation ability calculation of peer review is proposed. Privacy protection and data usability are adjusted according to privacy preferences. Using Gauss distribution and combining with the distributive law of real evaluation data, the virtual projects are generated, and the project data are anonymized according to the virtual projects. Laplace distribution is used to add noise to the evaluation sub score for perturbation, and the evaluation data are obfuscation according to the perturbation sub score. Based on the protected project data and evaluation data, the expert evaluation ability is calculated, and the review privacy is protected. The experimental results show that the proposed method can effectively balance the privacy protection and the accuracy of the calculation results.
Øye, Marius Mølnvik, Yang, Bian.  2021.  Privacy Modelling in Contact Tracing. 2021 International Conference on Computational Science and Computational Intelligence (CSCI). :1279—1282.
Contact tracing is a particularly important part of health care and is often overlooked or forgotten up until right when it is needed the most. With the wave of technological achievements in the last decade, a digital perspective for aid in contact tracing was a natural development from traditional contact tracing. When COVID-19 was categorized as a pandemic, the need for modernized contact tracing solutions became apparent, and highly sought after. Solutions using the Bluetooth protocol and/or Global Positioning System data (GPS) were hastily made available to the public in nations all over the world. These solutions quickly became criticized by privacy experts as being potential tools for tracking.
2022-09-16
Abdaoui, Abderrazak, Erbad, Aiman, Al-Ali, Abdulla, Mohamed, Amr, Guizani, Mohsen.  2021.  A Robust Protocol for Smart eHealthcare based on Elliptic Curve Cryptography and Fuzzy logic in IoT. 2021 IEEE Globecom Workshops (GC Wkshps). :1—6.

Emerging technologies change the qualities of modern healthcare by employing smart systems for patient monitoring. To well use the data surrounding the patient, tiny sensing devices and smart gateways are involved. These sensing systems have been used to collect and analyze the real-time data remotely in Internet of Medical Thinks (IoM). Since the patient sensed information is so sensitive, the security and privacy of medical data are becoming challenging problem in IoM. It is then important to ensure the security, privacy and integrity of the transmitted data by designing a secure and a lightweight authentication protocol for the IoM. In this paper, in order to improve the authentication and communications in health care applications, we present a novel secure and anonymous authentication scheme. We will use elliptic curve cryptography (ECC) with random numbers generated by fuzzy logic. We simulate IoM scheme using network simulator 3 (NS3) and we employ optimized link state routing protocol (OLSR) algorithm and ECC at each node of the network. We apply some attack algorithms such as Pollard’s ρ and Baby-step Giant-step to evaluate the vulnerability of the proposed scheme.

2022-09-09
Cheng, Jie, Zhang, Kun, Tu, Bibo.  2021.  Remote Attestation of Large-scale Virtual Machines in the Cloud Data Center. 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :180—187.
With the development of cloud computing, remote attestation of virtual machines has received extensive attention. However, the current schemes mainly concentrate on the single prover, and the attestation of a large-scale virtualization environment will cause TPM bottleneck and network congestion, resulting in low efficiency of attestation. This paper proposes CloudTA, an extensible remote attestation architecture. CloudTA groups all virtual machines on each cloud server and introduces an integrity measurement group (IMG) to measure virtual machines and generate trusted evidence by a group. Subsequently, the cloud server reports the physical platform and VM group's trusted evidence for group verification, reducing latency and improving efficiency. Besides, CloudTA designs a hybrid high concurrency communication framework for supporting remote attestation of large-scale virtual machines by combining active requests and periodic reports. The evaluation results suggest that CloudTA has good efficiency and scalability and can support remote attestation of ten thousand virtual machines.
2022-08-26
Russo, Alessio, Proutiere, Alexandre.  2021.  Minimizing Information Leakage of Abrupt Changes in Stochastic Systems. 2021 60th IEEE Conference on Decision and Control (CDC). :2750—2757.
This work investigates the problem of analyzing privacy of abrupt changes for general Markov processes. These processes may be affected by changes, or exogenous signals, that need to remain private. Privacy refers to the disclosure of information of these changes through observations of the underlying Markov chain. In contrast to previous work on privacy, we study the problem for an online sequence of data. We use theoretical tools from optimal detection theory to motivate a definition of online privacy based on the average amount of information per observation of the stochastic system in consideration. Two cases are considered: the full-information case, where the eavesdropper measures all but the signals that indicate a change, and the limited-information case, where the eavesdropper only measures the state of the Markov process. For both cases, we provide ways to derive privacy upper-bounds and compute policies that attain a higher privacy level. It turns out that the problem of computing privacy-aware policies is concave, and we conclude with some examples and numerical simulations for both cases.
Liu, Tianyu, Di, Boya, Wang, Shupeng, Song, Lingyang.  2021.  A Privacy-Preserving Incentive Mechanism for Federated Cloud-Edge Learning. 2021 IEEE Global Communications Conference (GLOBECOM). :1—6.
The federated learning scheme enhances the privacy preservation through avoiding the private data uploading in cloud-edge computing. However, the attacks against the uploaded model updates still cause private data leakage which demotivates the privacy-sensitive participating edge devices. Facing this issue, we aim to design a privacy-preserving incentive mechanism for the federated cloud-edge learning (PFCEL) system such that 1) the edge devices are motivated to actively contribute to the updated model uploading, 2) a trade-off between the private data leakage and the model accuracy is achieved. We formulate the incentive design problem as a three-layer Stackelberg game, where the server-device interaction is further formulated as a contract design problem. Extensive numerical evaluations demonstrate the effectiveness of our designed mechanism in terms of privacy preservation and system utility.
Anastasia, Nadya, Harlili, Yulianti, Lenny Putri.  2021.  Designing Embodied Virtual Agent in E-commerce System Recommendations using Conversational Design Interaction. 2021 8th International Conference on Advanced Informatics: Concepts, Theory and Applications (ICAICTA). :1–6.
System recommendation is currently on the rise: more and more e-commerce rely on this feature to give more privilege to their users. However, system recommendation still faces a lot of problems that can lead to its downfall. For instance, the cold start problem and lack of privacy for user’s data in system recommendation will make the quality of this system lesser than ever. Moreover, e-commerce also faces another significant issue which is the lack of social presence. Compared to offline shopping, online shopping in e-commerce may be seen as lacking human presence and sociability as it is more impersonal, cold, automated, and generally devoid of face-to-face interactions. Hence, all of those issues mentioned above may lead to the regression of user’s trust toward e-commerce itself. This study will focus on solving those problems using conversational design interaction in the form of a Virtual Agent. This Virtual Agent can help e-commerce gather user preferences and give clear and direct information regarding the use of user’s data as well as help the user find products, promo, or similar products that they seek in e-commerce. The final result of this solution is a high fidelity prototype designed using User-Centered Design Methodology and Natural Conversational Framework. The implementation of this solution is carried out in Shopee e-commerce by modifying their product recommendation system. This prototype was measured using the usability testing method for usability goals efficient to use and user experience goals helpful.
2022-08-01
Wiefling, Stephan, Tolsdorf, Jan, Iacono, Luigi Lo.  2021.  Privacy Considerations for Risk-Based Authentication Systems. 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :320—327.
Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor authentication and just as secure. However, users currently obtain RBA’s high security and usability benefits at the cost of exposing potentially sensitive personal data (e.g., IP address or browser information). This conflicts with user privacy and requires to consider user rights regarding the processing of personal data. We outline potential privacy challenges regarding different attacker models and propose improvements to balance privacy in RBA systems. To estimate the properties of the privacy-preserving RBA enhancements in practical environments, we evaluated a subset of them with long-term data from 780 users of a real-world online service. Our results show the potential to increase privacy in RBA solutions. However, it is limited to certain parameters that should guide RBA design to protect privacy. We outline research directions that need to be considered to achieve a widespread adoption of privacy preserving RBA with high user acceptance.
2022-07-29
Li, Xianxian, Fu, Xuemei, Yu, Feng, Shi, Zhenkui, Li, Jie, Yang, Junhao.  2021.  A Private Statistic Query Scheme for Encrypted Electronic Medical Record System. 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD). :1033—1039.
In this paper, we propose a scheme that supports statistic query and authorized access control on an Encrypted Electronic Medical Records Databases(EMDB). Different from other schemes, it is based on Differential-Privacy(DP), which can protect the privacy of patients. By deploying an improved Multi-Authority Attribute-Based Encryption(MA-ABE) scheme, all authorities can distribute their search capability to clients under different authorities without additional negotiations. To our best knowledge, there are few studies on statistical queries on encrypted data. In this work, we consider that support differentially-private statistical queries. To improve search efficiency, we leverage the Bloom Filter(BF) to judge whether the keywords queried by users exists. Finally, we use experiments to verify and evaluate the feasibility of our proposed scheme.
Fuhry, Benny, Jayanth Jain, H A, Kerschbaum, Florian.  2021.  EncDBDB: Searchable Encrypted, Fast, Compressed, In-Memory Database Using Enclaves. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :438—450.
Data confidentiality is an important requirement for clients when outsourcing databases to the cloud. Trusted execution environments, such as Intel SGX, offer an efficient solution to this confidentiality problem. However, existing TEE-based solutions are not optimized for column-oriented, in-memory databases and pose impractical memory requirements on the enclave. We present EncDBDB, a novel approach for client-controlled encryption of a column-oriented, in-memory databases allowing range searches using an enclave. EncDBDB offers nine encrypted dictionaries, which provide different security, performance, and storage efficiency tradeoffs for the data. It is especially suited for complex, read-oriented, analytic queries as present, e.g., in data warehouses. The computational overhead compared to plaintext processing is within a millisecond even for databases with millions of entries and the leakage is limited. Compressed encrypted data requires less space than a corresponding plaintext column. Furthermore, EncDBDB's enclave is very small reducing the potential for security-relevant implementation errors and side-channel leakages.
Abbas, Moneeb, Rashid, Muhammad, Azam, Farooque, Rasheed, Yawar, Anwar, Muhammad Waseem, Humdani, Maryum.  2021.  A Model-Driven Framework for Security Labs using Blockchain Methodology. 2021 IEEE International Systems Conference (SysCon). :1–7.
Blockchain technology is the need of an hour for ensuring security and data privacy. However, very limited tools and documentation are available, therefore, the traditional code-centric implementation of Blockchain is challenging for programmers and developers due to inherent complexities. To overcome these challenges, in this article, a novel and efficient framework is proposed that is based on the Model-Driven Architecture. Particularly, a Meta-model (M2 level Ecore Model) is defined that contains the concepts of Blockchain technology. As a part of tool support, a tree editor (developed using Eclipse Modeling Framework) and a Sirius based graphical modeling tool with a drag-drop palette have been provided to allow modeling and visualization of simple and complex Blockchain-based scenarios for security labs in a very user-friendly manner. A Model to Text (M2T) transformation code has also been written using Acceleo language that transforms the modeled scenarios into java code for Blockchain application in the security lab. The validity of the proposed framework has been demonstrated via a case study. The results prove that our framework can be reliably used and further extended for automation and development of Blockchain-based application for security labs with simplicity.